The Solaris Zones partitioning technology is used to virtualize operating
system services and provide an isolated and secure environment for running
applications. A non-global zone is a virtualized operating system environment
created within a single instance of the Solaris OS. When you create a non-global
zone, you produce an application execution environment in which processes
are isolated from the rest of the system. This isolation prevents processes
that are running in one non-global zone from monitoring or affecting processes
that are running in other non-global zones. Even a process running with superuser
credentials cannot view or affect activity in other zones. A non-global zone
also provides an abstract layer that separates applications from the physical
attributes of the machine on which they are deployed. Examples of these attributes
include physical device paths.

Every Solaris system contains a global zone. The global zone has a dual
function. The global zone is both the default zone for the system and the
zone used for system-wide administrative control. All processes run in the
global zone if no non-global zones are created by the global administrator.
The global zone is the only zone from which a non-global zone can be configured,
installed, managed, or uninstalled. Only the global zone is bootable from
the system hardware. Administration of the system infrastructure, such as
physical devices, routing, or dynamic reconfiguration (DR), is only possible
in the global zone. Appropriately privileged processes running in the global
zone can access objects associated with the non-global zones.